Case Study

Securing connected medical devices for effective, safe patient care


TriHealth turns to Palo Alto Networks Medical IoT Security to support its mission to improve healthcare outcomes

In brief






United States


TriHealth lacked visibility into its IoT devices, creating unacceptable patient safety risks.

    • Medical IoT Security
    • PA-Series Next-Generation Firewalls
    • Panorama®

TriHealth gained game-changing visibility and streamlined control over its IoT devices, empowering the organization to improve care and better protect patients as IoT device usage soars.

Download PDF Share

TriHealth, a 15,000-employee health system, partnered with Palo Alto Networks to gain better visibility into its IoT devices, with nearly 26,000 devices discovered over the past year. Palo Alto Networks Medical IoT Security solution provides TriHealth with comprehensive visibility, risk and compliance assessment, improved control, and simplified, automated management. It’s keeping IoT devices safe and secure and supporting TriHealth’s mission to improve the health of the people it serves.

TriHealth is one of the top integrated health systems in Cincinnati, OH, with 15,000 employees, two acute care hospitals, and more than 130 care sites providing a wide range of clinical, educational, preventive, and social programs.

The organization’s information security team supports its mission by making patient safety the number one priority. The team’s task has become more challenging as the number of connected devices on TriHealth networks grows.

Currently, TriHealth uses more than 175,000 connected devices. While Internet of Medical Things (IoMT) devices are critical for patient care, they have weak in-built security, and many are inherently vulnerable or become vulnerable over a long operational lifespan. This makes them popular targets for cyberattacks. TriHealth needed a solution to protect patients, ensure security, and mitigate any risks from vulnerable IoT devices.


We had to make sure that only authorized personnel had access to our IoT devices and were managing them appropriately, including awareness of whether installed software had any vulnerabilities. We needed to be able to discover and prevent malicious execution of software on those devices.

— Greg Allender, Vice President and Chief Information Security Officer, TriHealth


Low visibility on connected devices leaves security gaps

TriHealth sought an IoT security solution to address issues around visibility, inventory, and insight into its connected devices. The company outsources its clinical engineering team; this contributed to a lack of consistent visibility and created several challenges:

  • The organization had incomplete information on which devices were in the system and their security status.
  • The internal TriHealth team had difficulty managing device security effectively across all their connected endpoints.
  • The organization’s ability to discover and prevent malicious activity was limited.

The information security team knew that poor security on connected medical devices could pose a serious risk to patient safety, privacy, and confidentiality. They needed to improve visibility, gain control, and strengthen security.


The partnership we have with Palo Alto was a key factor in choosing the Medical IoT Security platform. Knowing Palo Alto Networks’ background heritage in network security, we feel very confident in what they produce. And we needed a strong team to help us on this journey of securing our IoT environment.

— Greg Allender, Vice President and Chief Information Security Officer, TriHealth


The right solution and a trusted partnership

In 2019, TriHealth began investigating IoT security solutions and conducted comprehensive evaluations, including proofs of concept, with four providers. Ultimately, TriHealth selected Palo Alto Networks Medical IoT Security. TriHealth already relied on Palo Alto Networks Next-Generation Firewalls and Panorama as its network security management solution. Palo AltoNetworks’ reputation as a proven leader in the field and the established relationship were major factors in TriHealth’s decision.

“The partnership we have with Palo Alto Networks was a key factor in choosing the Medical IoT Security platform,” says GregAllender, vice president and chief information officer, TriHealth. “Knowing Palo Alto Networks’ background heritage in network security, we feel very confident in what they produce. And we needed a strong partner to help us on this journey of securing our IoT environment.”

A partnership approach has been key for TriHealth in addressing challenges with securing IoT devices. During onboarding, TriHealth needed to correctly configure the solution’s interface with existing firewall network sensors. Xu Zou, Palo AltoNetworks Vice President of Network Security, reached out personally and committed to helping TriHealth solve the problem.TriHealth and Palo Alto Networks began weekly status calls to ensure everything was going smoothly.

“I’ve never had that kind of response from a vendor, saying, ‘We’re going to get this working; we’re going to fix it for you; we’re going to make it right,’” Allender says. “I always reflect back on the caring and concern that the whole Palo Alto Networks team expressed during this journey.”

Medical IoT Security has provided TriHealth unprecedented visibility into the system’s IoT devices and the ability to manage them and mitigate risk—all without negatively impacting patient care. TriHealth and Palo Alto Networks have developed a strategic business relationship and are now working together on the further evolution of the solution.


Device discovery vastly improves visibility

With the help of Palo Alto Networks Medical IoT Security, TriHealth has achieved dramatically improved visibility just by by passively observing network traffic on firewalls. Using the solution’s automated device discovery, the team was able to quickly detect and secure previously unmanaged and unknown devices.

The solution’s passive monitoring empowers TriHealth to see and analyze the status of devices without being intrusive or disrupting patient care.

The new visibility offers the TriHealth team crucial data on the system’s IoT devices, including:

  • Identifying devices across the system and maintaining an up-to-date inventory of connected devices.
  • Security status of each device, including vulnerability posture and risk assessment based on multiple factors.
  • Traffic flow between devices and network segments.
  • Physical location of devices. Many devices move throughout facilities as needed; previously, tracking their location wasn’t easy.

“From a risk perspective, being able to see network connected devices, being able to prioritize and categorize different vulnerabilities based on the type of device, traffic flow from the device, and whether the device is in an online or offline status, are all very important to us,” Allender says.

Visibility into the system is enhanced by integration with Panorama, which provides a single pane of glass so the TriHealth team can see what needs to be addressed and respond quickly. For example, the organization tackled a company-wide initiative to replace IP phone equipment and eliminate unsupported hardware. The security team was able to monitor the transition from old equipment to new for a full view of progress on the project without having to rely on manual reports from the departments using the equipment.

Visibility, automation improve management

Medical IoT Security improved TriHealth’s management and administration of connected medical devices, increasing the team’s ability to identify risks and take appropriate action. The solution provides a database for IoMT device cybersecurity documentation, offering essential information on vulnerabilities, criticality, and sensitivity so that TriHealth can take protective action, such as correctly segmenting vulnerable or risky devices. The solution also automates medical device call alerts for TriHealth to stay ahead of any issues before they can affect patient care.

The solution will help TriHealth be proactive as the new U.S. Protecting and Transforming Cyber Health Care Act (PATCH Act) goes into effect. The PATCH Act requires medical device vendors to verify that their products meet stringent cybersecurity standards. Medical IoT Security helps TriHealth ensure that its medical devices operate in a network with effective security controls in place.

The Palo Alto Networks solution further enhances IoT device governance by automating Zero Trust policy recommendations and enforcement, eliminating manual policy creation and scaling across devices with the same profile for streamlined security.

One of the most important benefits TriHealth has realized is a better dialogue with its outsourced clinical engineering team on the security and risk management of devices. “Until we had that visibility, that inventory, we didn’t have a lot of opportunities governance over network-connected medical devices with the clinical engineering team,” Allender confirms.

“Medical IoT Security was a key success factor in getting the clinical teams to see the value in the tool and use it.”


Medical IoT Security was a key success factor in getting the clinical teams to see the value in the tool and use it.

— Greg Allender, Vice President and Chief Information Security Officer, TriHealth

Accurate inventory increases efficiency, saves money

Thanks to visibility gained with Medical IoT Security, TriHealth sees significant opportunities to utilize devices more efficiently. For example, TriHealth has around 1,500 infusion pumps in its inventory at any given time but generally uses only 300 to 400 of them per day. With an up-to-date and easily accessible inventory, TriHealth can help managers locate and use equipment already on hand rather than ordering more.

This could help cut costs, an unexpected benefit. The security team envisions an opportunity to work with other departments, such as finance and purchasing, to optimize expenditures based on device data.

TriHealth is also exploring how to use Medical IoT Security to document device vulnerabilities and dynamically open service ticket requests to ensure that the correct mitigation or maintenance is done on time.

A solution that changes the game

Palo Alto Networks Medical IoT Security has already had a strong impact on TriHealth’s ability to manage its IoT devices. It created urgently needed visibility into connected devices throughout the system, providing invaluable data on devices and simplifying and automating device governance.

These capabilities empower TriHealth to provide the best patient care and mitigate risks while keeping IoT devices optimized and secure.

TriHealth values Palo Alto Networks as a strategic partner; the companies are continuing to work together to identify insights and capabilities for additional use cases. “Palo Alto Networks is going to be there,” Allender says. “They’re a proven leader in this space and have the expertise to adapt and integrate new technologies. I’m glad we could go on this journey with them. I feel comfortable they’ll always have our back.”

Learn how Palo Alto Networks’ best-in-class solutions can improve IoT security for your healthcare organization.

Find additional information about Medical IoT Security here.